Skip to main content

MeshCore Packet Format and Encryption

This page covers MeshCore's packet encryption as verified from docs/packet_format.md and src/Utils.cpp in the official MeshCore repository.

Encryption at the Packet Level

Each MeshCore message packet is protected by AES-128 encryption followed by a 2-byte HMAC-SHA256 MAC:

[Cleartext header] [AES-128 ECB encrypted payload] [2-byte HMAC-SHA256 MAC]

Route Types

Packets carry one of four route types (from packet_format.md):

  • ROUTE_TYPE_FLOOD — broadcast to all repeaters; used for initial contact and group messages
  • ROUTE_TYPE_DIRECT — embeds a specific repeater path; only listed repeaters forward the packet
  • ROUTE_TYPE_TRANSPORT_FLOOD — flood with transport/region code prefix
  • ROUTE_TYPE_TRANSPORT_DIRECT — direct-routed with transport/region code

Path Learning (How Direct Routing Works)

MeshCore uses a flood-then-direct-route mechanism (not AODV RREQ/RREP)path discovery):

  1. First message to a new destination is flood-routed
  2. The destination node returns a PAYLOAD_TYPE_PATH packet containing the full repeater path it received the message through
  3. The sender stores this path and uses ROUTE_TYPE_DIRECT for subsequent messages, embedding the learned path
  4. Only the specific repeaters in the path forward the packet — all others ignore it

This mechanism reduces channel load significantly compared to pure flooding once paths are established.

Source: docs/packet_format.md and src/Utils.cpp in the official MeshCore repository. Verified 2026-05-03.

Back to top